Security researchers investigating the software coding vulnerability that hit Juniper Networks two weeks ago are now warning against the threat of encryption technology weaknesses, Reuters reported.
According to computer experts, the sophistication of the “back door” revealed in Juniper’s routers means it may have been state-sponsored.
While there are no leads on who or what is responsible for the Juniper vulnerability, Reuters confirmed that the company did use the National Security Agency’s cryptography standard.
But in 2007, Microsoft researchers reportedly determined that the technology contained a deliberate flaw that would allow the system’s creators to access or break the encryption when needed.
“If this really was intended as a ‘nobody but us’ back door and then subverted by a nation-state, that’s a tricky place for policymakers,” Dave Palmer, cybersecurity firm Darktrace’s director of technology, explained to Reuters, adding that it’s been proven now that no back door is “absolutely bulletproof.”
The encryption battle between nation-states and private companies over data security remains a hot topic.
In the ongoing fight over the government’s right to access consumer data transmitted via smartphones and digital devices, privacy advocates are calling on support from the White House to fight off lawmakers’ attempts to pass stringent encryption legislation.
As The Hill reported earlier this month, the recent terrorist attacks in Paris and San Bernardino, California, have renewed the efforts of lawmakers to promote a bill that will require companies to decrypt information at the request of law enforcement agencies.
“Whenever you build in access, you’re running a risk … that that access will be misused,” Stewart Baker, former general counsel at the NSA, explained to Reuters. “The question here is: Is this a risk that ought to be managed, or should we refuse to accept it at all?”